Basic DLP filter types
The following basic filter types can be configured in the CLI:
File type and name
A file type filter allows you to block, allow, log, or quarantine based on the file type specified in the file filter list.
config dlp filepattern edit <id> set name <string> config entries edit <pattern> set filter-type {type | pattern} set file-type <file type> next end next end
To configure file type and name filtering:
- Create a file pattern to filter files based on the file name patter or file type.
For example, to filter for GIFs and PDFs:
config dlp filepattern edit 11 set name "sample_config" config entries edit "*.gif" set filter-type pattern next edit "pdf" set filter-type type set file-type pdf next end next end
- Create the DLP sensor:
config dlp sensor edit <name> config filter edit <id> set name <string> set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs} set filter-by file-type set file-type 11 set action {allow | log-only | block | quarantine-ip} next end next end
File size
A file size filter checks for files that exceed the specific size, and performs the DLP sensor's configured action on them.
To configure file size filtering:
config dlp sensor edit <name> config filter edit <id> set name <string> set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs} set filter-by file-size set file-type 11 set action {allow | log-only | block | quarantine-ip} next end next end
Regular expression
A regular expression filter is used to filter files or messages based on the configured regular expression pattern.
To configure regular expression filtering:
config dlp sensor edit <name> config filter edit <id> set name <string> set type {file | message} set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs} set filter-by regexp set regexp <string> set action {allow | log-only | block | quarantine-ip} next end next end
Credit card and SSN
The credit card sensor can match the credit card number formats used by American Express, Mastercard, and Visa. It can be used to filter files or messages.
The SSN sensor can be used to filter files or messages for Social Security Numbers.
To configure credit card or SSN filtering:
config dlp sensor edit <name> config filter edit <id> set name <string> set type {file | message} set proto {smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs} set filter-by {credit-card | ssn} set action {allow | log-only | block | quarantine-ip} next end next end